'13 Nagios Vulnerabilities, #7 will SHOCK you!' by Samir Ghane | PT SWARM

"13 Nagios Vulnerabilities, #7 will SHOCK you!" by Samir Ghanem

Gaining access to Nagios XI server results in upstream compromise of management server, i.e. every other customer monitored. Exploitation facilitated with soygun tool.

Contents:
• TL;DR
• Why Nagios?
• What is Nagios?
• The Code
• Challenge Accepted
• What are we trying to achieve?
• Step 1: RCE on Nagios XI server from low privilege Nagios XI user (CVE-2020-28648)
• Step 2: Elevate privileges to ‘root’ on Nagios XI server (CVE-2020-28910)
• Step 3: Trigger XSS by tainting data returned to Nagios Fusion from XI (CVE-2020-28903)
• Step 4: Authenticated remote code execution on Nagios Fusion (CVE-2020-28905)
• Step 5: Elevate privileges from apache to root using the ‘cmd_subsys.php’ (CVE-2020-28902)
• Step 6: Get list of “fused” XI servers and exploit them using Step 1 and 2
• PoC or Attack Platform
• SoyGun
• Command & Control (C2)
• SoyGun Implant
• DeadDrop
• Demo
• Disclosure and Afterthoughts
• Full Vulnerabilities List

https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/

PT SWARM

👩‍🚒 2.98K
Technologies

Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting...

Join
▲ Vote (1)

'13 Nagios Vulnerabilities, #7 will SHOCK you!' by Samir Ghane | PT SWARM

Login